Session Block—Privacy Engineering
09 Sep 2019 10:40 AM - 11:00 AM (UTC)
Establishing Trust with a Risk Based Approach and Decentralized Authentication

Transforming Privacy Law into Practice | 9-10 September | University of Oxford | events@oasis-open.org

The digital era requires online services that customers can execute with the click of a button. Businesses have no option but to allow high-risk transactions to be completed online because their customers are accustomed to it. Ensuring availability of services while safeguarding the privacy of customer information is one of the biggest challenges with digital authentication. Increased Account Take Over incidents necessitated the evolution of authentication methods beyond passwords. Stronger multi-factor authentication methods are now available, but adoption is low due to various factors. A complex authentication process would protect customer information but drive down usability and would not be favorable for business growth. On the other hand, a data breach could be detrimental to the business and could potentially lead to loss of customer base. Improving user experience with seamless authentication while increasing friction for threat actors is the ideal end state businesses strive to reach.


At CVS Health, we have solved this problem by adopting a risk-based approach to authentication. We have embraced FIDO standards to enable stronger authentication and move the industry forward towards a decentralized authentication framework. We have increased the threshold for identity vetting during digital identity enrollment and other use cases that are considered high risk. With the explicit consent of the user, a digital profile of the user is built that captures not just the binary result of authentication but all the attributes that make up the user's digital presence; these are stored and compared against during future interactions. Authentication is now a continuous process and is based on the trust established over the course of a user's connections in the digital world.


Details on the implementation of this risk-based approach, along with FIDO standards, will be presented.